Azure Virtual Network Peering

Connect virtual networks seamlessly and securely.

Azure Virtual Network (VNet) peering enables you to seamlessly connect Azure virtual networks in Azure. Once peered, virtual networks compute resources in each virtual network can communicate with each other directly, as if they were within the same network. The traffic between virtual networks travels over the Microsoft backbone network; it does not traverse the public Internet.

What is VNet Peering?

VNet peering is a relational database in Azure that enables you to connect two or more virtual networks, creating a flat network architecture. This allows resources in different virtual networks to communicate directly with each other.

Key benefits of VNet peering include:

  • Low Latency: Traffic stays on the Microsoft backbone, reducing latency.
  • High Bandwidth: Dedicated bandwidth for inter-VNet communication.
  • Security: Traffic doesn't traverse the public internet.
  • Simplified Management: Centralized control and monitoring.
  • Cost-Effective: Often more economical than complex VPN gateway solutions for internal connectivity.

Types of VNet Peering

There are two main types of VNet peering:

  1. VNet Peering: Connects virtual networks within the same Azure region.
  2. Global VNet Peering: Connects virtual networks across different Azure regions.

Key Considerations

When implementing VNet peering, consider the following:

  • IP Address Spaces: The address spaces of peered VNets must not overlap.
  • Transitivity: VNet peering is not transitive. If VNet A is peered with VNet B, and VNet B is peered with VNet C, VNet A cannot communicate with VNet C through VNet B. You would need to explicitly peer VNet A with VNet C.
  • Gateway Transit: By default, a peered VNet cannot use the VPN gateway or ExpressRoute circuit in another peered VNet to reach on-premises networks or a service in another VNet. You can enable gateway transit from the peered VNet to the gateway VNet.

How to Configure VNet Peering

VNet peering can be configured through the Azure portal, Azure CLI, Azure PowerShell, or ARM templates.

Using the Azure Portal

  1. Navigate to the virtual network you want to peer.
  2. Under "Settings", select "Peerings".
  3. Click "+ Add".
  4. Fill in the required details, including the name of the peering, the subscription, and the target virtual network.
  5. Configure the options for "Address space access" and "Gateway transit" as needed.
  6. Click "Add" to create the peering.

You must configure the peering connection from both virtual networks.

Use Cases

VNet peering is ideal for scenarios such as:

  • Connecting development, testing, and production environments.
  • Enabling communication between application tiers deployed in different VNets.
  • Facilitating hybrid cloud connectivity by peering an on-premises network with an Azure VNet.
  • Sharing services (like Active Directory domain controllers) across multiple VNets.
"VNet peering provides a secure and efficient way to extend your network reach within Azure, enabling complex application architectures and hybrid connectivity solutions."

Important Note

Ensure that the resource names for peering connections are unique within the virtual network. Consider using a naming convention that includes the name of the peered VNet for clarity.

Pro Tip

For complex network topologies, consider using Azure Virtual WAN for simplified hub-and-spoke connectivity across multiple VNets and regions.

Learn More